News Next article
Scam safety: Our top tips for avoiding phishing scams
With phishing scams on the rise, knowing how to avoid them is more important than ever. We'll show you how.By Trust and Safety 9 October 2023
Don't give a hacker the chance to steal your information.
If you receive communication from a company asking you to do something, like login, make a payment or confirm your credit card details, it's important to be sure it's actually them. Just like in the real world, there are criminals online trying to make a dishonest buck.
Remember: when it comes to scams, anyone can be a victim – and it's never the victim's fault.
What is a phishing scam?
A phishing scam is where a criminal pretends to be a trusted business or organisation, trying to trick you into handing over your personal information. Over the years, we've seen these scams become more and more convincing – making them harder for people to spot. Sometimes they can be pretty convincing.
How it usually works:
- You'll get an email, text, or phone call. It looks like it's from a trusted brand or organisation, like Trade Me or your bank. They may also pose as a buyer or seller from Trade Me.
- They say something like: "Your account has been hacked, please log in to secure it" or "An unauthorised transaction has been made".
- They'll ask you to do something, like log in or provide payment information.
- They've stolen your personal data.
Remember: All emails from Trade Me end in 'trademe.co.nz' – and we'll never, ever ask for your password via email.
Signs that an email, text or call isn't legit
- You don't recognise the email address or phone number.
- They're asking you to do something urgently.
- They claim or imply that something bad will happen if you don't do what they ask.
- They've asked for your personal information, like login details or your credit card.
- They haven't addressed you by your first name. If you have an account with them, they'll know your name.
- There is incorrect spelling or poor grammar.
- You don't have an account with the organisation.
What should I do?
- Be cautious of unexpected or strange-looking emails, texts or calls.
- Who sent it?
Make sure the end of the sender's email address matches their actual website address. For example, an email from IRD should end in 'ird.govt.nz'
- Don't click any links.
If you've clicked a link, run a full virus check on your device right away – before doing anything else.
- If you've entered your credit card details
Contact your bank to cancel your card. They'll also help make sure your account is secure.
- Delete the email and block the sender. Don't reply or engage with them.
- Contact the organisation directly.
Don't click any links. Leave the email or text and go to their website to contact them – so you know you're dealing with the right people.
- Get a second opinion from a trusted friend or family member.
If the sender is pretending to be Trade Me, forward the email to our Fraud team, or email us a screenshot of it along with the sender's email address to firstname.lastname@example.org. They're also available on live chat Monday to Friday.
I think I've been a victim – what can I do?
- Contact CERT NZ
- If you've provided login details, change your password for that account. Find out how to change your Trade Me password.
- If it's Trade Me related, contact our Fraud team as soon as possible. Include as much detail as you can.
If you've fallen victim – it's not your fault. These scammers are getting more sophisticated every day and are really good at fooling everyday people.
Never feel ashamed to ask for help if you need it.